
redis-store / redis-actionpack


Redis stores for ActionPack

Home Page: http://redis-store.org/redis-actionpack

License: MIT License

Ruby 98.74% Logos 1.13% HTML 0.13%
rails redis redis-store ruby

redis-actionpack's Introduction

Redis stores for Ruby frameworks

Redis Store provides a full set of stores (Cache, I18n, Session, HTTP Cache) for modern Ruby frameworks like: Ruby on Rails, Sinatra, Rack, Rack::Cache and I18n. It supports object marshalling, timeouts, single or multiple nodes, and namespaces.

Please check the README file of each gem for usage and installation guidelines.

Redis Installation

Option 1: Homebrew

MacOS X users should use Homebrew to install Redis:

brew install redis

Option 2: From Source

Download and install Redis from the download page and follow the instructions.

Running tests

git clone git://github.com/redis-store/redis-store.git
cd redis-store
bundle install
bundle exec rake

If you are on Snow Leopard you have to run env ARCHFLAGS="-arch x86_64" ruby ci/run.rb

Contributors

https://github.com/redis-store/redis-store/graphs/contributors

Versioning

The redis-store family of gems uses Semantic Versioning, meaning gems depending on redis-store can be reliably inclusive of any version between the current and the next major. We recommend the following dependency in your library's gemspec:

s.add_dependency 'redis-store', '>= 1.4', '< 2'

Copyright

2009 - 2013 Luca Guidi - http://lucaguidi.com, released under the MIT license.

redis-actionpack's People

Contributors

afrojun, connorshea, hogelog, igor-drozdov, jodosha, le0pard, marcroberts, milesmatthias, n-rodriguez, olleolleolle, r7kamura, radar, shiro16, soartec-lab, tubbo

redis-actionpack's Issues

Release to rubygems.org? :)

Would you mind releasing redis-actionpack as a minor release to rubygems.org so that we could use it with Rails 6?

I have noticed you already bumped max version constraint on actionpack.

Thanks for the work!

Regards

broken session key deletion in 5.2.0

An issue with the pretender gem (and I suppose with other things which are using "session") when session_store is in Redis.

Code below

  def logout
    logger.info 'Stop Impersonating...'.red
    stop_impersonating_user
    # stop_impersonating_user comes from the pretender gem;
    # it basically deletes the session key:
    # https://github.com/ankane/pretender/blob/fd89162912dcb5584c703948beb3dd7f83e958cf/lib/pretender.rb#L64
    # request.session.delete("impersonated_user_id")
    redirect_to '/'
  end

And even in after_action I could see that the key is deleted, but on the next page load the key is present.

If I downgrade to version 5.1.0 all works.

domain :all is not working.

I'm using redis_store with the domain :all option.
Then I got "no implicit conversion of Symbol into String" errors.

I found related issues here,
but it's in a failure status.

My Environments
Rails 3.2.22

Using redis 3.2.1
Using redis-namespace 1.5.2
Using redis-store 1.1.7
Using redis-rack 1.4.4
Using redis-actionpack 3.2.4
Using redis-activesupport 3.2.5
Using redis-rack-cache 1.2.2
Using redis-rails 3.2.4

can't use domain: :all

When using the redis session store, it's currently (again) not possible to use domain: :all to have the cookie set for all subdomains.

I think this is because the actionpack redis session store class is derived from Rack::Session::Redis class instead of ActionDispatch::Session::AbstractStore which adds this handling (see set_cookie method in there).

Session is not found on the next request when 'signed: true'

I am using this gem to store Rails application session in Redis. Now I am testing it in development mode on localhost:3000

Everything works fine except for the case when I set 'signed' option to true.

In that case when I assign any value in the 'session', I can see in the browser that the corresponding cookie key is created successfully. However, when I try accessing the assigned session value on the next request, it returns nil.

# setting value in session
session[:foo] = "bar"

# on next request
session[:foo] # => nil

Also, when I assign a session value again, the cookie value in the browser changes (gets replaced with a new value).
Tested in Chrome and Firefox

Session store configuration:

Rails.application.config.session_store :redis_store, 
    servers: [ENV.fetch("REDIS_URL")],
    key: "_project_name_session",
    expire_after: 90.minutes,
    signed: true

Environment:

Ruby 2.6.6
Rails 5.2.4

# Gems:
redis (4.2.1)
redis-actionpack (5.2.0)
redis-rack (2.1.2)
redis-store (1.9.0)

puma (3.12.6)
rack (2.2.3)

Use signed session id in cookies instead of plain text

From @cjmao at redis-store/redis-rails#85

Currently the session id is stored as plain text in cookies. Though the chance of a user guessing a valid session id is quite low, it's still possible for a user to set his session to another user's.
By using signed session id (cookies.signed[:_session_id]), it won't be possible for a user to guess a valid session id.
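The difference between a plain and a signed session id cookie, as an added example that is not code from this issue, the gem, or Rails' own cookies.signed implementation. The SignedSid module, its SECRET, the "payload--hexmac" layout and the lookup helper are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"
require "base64"

# Illustrative sketch (assumed names and layout), stdlib only.
module SignedSid
  # Constructed key; an application would derive this from its own secret.
  SECRET = SecureRandom.bytes(32)

  def self.mac(payload)
    OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
  end

  # Cookie value: base64(session id) + "--" + HMAC-SHA256 over the base64 text.
  def self.sign(sid)
    payload = Base64.strict_encode64(sid)
    "#{payload}--#{mac(payload)}"
  end

  # Byte-wise comparison that does not stop at the first mismatch.
  def self.secure_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns the session id, or nil when the value was not issued by this server.
  def self.verify(cookie)
    payload, sep, tag = cookie.to_s.rpartition("--")
    return nil if sep.empty? || payload.empty?
    return nil unless secure_eq?(tag, mac(payload))
    Base64.strict_decode64(payload)
  rescue ArgumentError
    nil
  end
end

# The store is only consulted for ids whose signature checks out, so a
# client-chosen id is rejected before any Redis lookup would happen.
def lookup(cookie, store)
  sid = SignedSid.verify(cookie)
  sid && store[sid]
end
```

Signing stops a client from presenting an id the server never issued; it does not protect a signed cookie that has been copied from another browser.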

Ability to add the user_id to redis key when available

Hey 👋

Recently I have migrated my rails sessions in one of my projects from MySQL to Redis, while using this gem.

However, I want to have the ability to delete all sessions of a specific user (e.g: when a user changes password, logging out from all devices, disabling a user).

After some investigation I haven't managed to find a way to do it.

I thought of managing a separate set in redis per user with all the session_private_ids (because the key is based on the private_id) in order to know which ones to remove.
The keys would be populated on login, but this doesn't work because the Rack::Session::Id I have access to during the request is renewed after login.

The list management would be more or less like this (ignoring the invalidation of old keys for now):

# Class that manages list of sessions for each user
module Auth
  class SessionList
    LIST_NAMESPACE = "sessionlist"
    SESSION_NAMESPACE = "session"

    def initialize(user:)
      @user = user
    end

    def client
      @client ||= Redis.new(url: Rails.application.config.sessions[:redis_url])
    end

    # Append user session to list of active sessions
    def append_session_key(session_id)
      session_key = session_key(session_id)
      client.sadd(list_key, session_key)
    end

    private

    def list_key
      @list_key ||= "#{LIST_NAMESPACE}:#{@user.id}"
    end

    # Representation of each session key inside redis, which is composed by
    # the namespace defined in config/initializers/session_store.rb
    # and the session private id
    def session_key(session_id)
      "#{SESSION_NAMESPACE}:#{session_id}"
    end
  end
end

# Action that handles login
def login
  # delegate auth to warden
  if authenticate
    Auth::SessionList.new(user: current_user).append_session_key(session.id.private_id)
  end
end

So, if there was the ability to allow the session_key in redis to have a user identified, that would be fixed.

Do you have any idea on this?

Thanks,
David
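A per-user session index that follows id renewal and can revoke every session of one user, as an added example that is not part of the issue or of the gem. FakeRedis is a constructed in-memory stand-in so the code runs offline, SessionIndex and its methods are hypothetical names, and the "session" and "sessionlist" prefixes are taken from the code in the issue.

```ruby
require "digest"
require "set"

# Constructed stand-in for the Redis commands used below.
class FakeRedis
  def initialize
    @kv = {}
    @sets = Hash.new { |h, k| h[k] = Set.new }
  end

  def set(key, value)
    @kv[key] = value
  end

  def exists?(key)
    @kv.key?(key)
  end

  # Returns 1 when the key existed, 0 otherwise.
  def del(key)
    hit = @kv.key?(key) || @sets.key?(key)
    @kv.delete(key)
    @sets.delete(key)
    hit ? 1 : 0
  end

  def sadd(key, member)
    @sets[key].add(member)
  end

  def srem(key, member)
    @sets[key].delete(member)
  end

  def smembers(key)
    @sets.fetch(key, Set.new).to_a
  end
end

class SessionIndex
  def initialize(redis, user_id)
    @redis = redis
    @list_key = "sessionlist:#{user_id}"
  end

  # rack >= 2.0.8 derives the private id as "2::" + SHA-256 hex of the cookie value.
  def self.session_key(public_sid)
    "session:2::#{Digest::SHA256.hexdigest(public_sid)}"
  end

  def track(public_sid)
    @redis.sadd(@list_key, self.class.session_key(public_sid))
  end

  # Call whenever the id is renewed (for example right after login).
  def rotate(old_sid, new_sid)
    @redis.srem(@list_key, self.class.session_key(old_sid))
    track(new_sid)
  end

  # Deletes every indexed session and the index; returns how many were still live.
  def revoke_all
    live = @redis.smembers(@list_key).sum { |key| @redis.del(key) }
    @redis.del(@list_key)
    live
  end
end
```

Entries whose session has already expired in the store are counted as zero by revoke_all, so the index may lag behind TTL expiry without causing errors.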

Incompatible with rails_admin 1.4.x

Just updated to rails_admin 1.4.2 and got this error on start up:

Required middlewares for RailsAdmin are not added
To fix tihs, add

  config.middleware.use ActionDispatch::Session::RedisStore, {:redis_server=>{:host=>"127.0.0.1", :port=>6379, :password=>nil, :namespace=>"spacious:development:sessions"}, :key=>"_spacious_development_sessions_v2017_01_04_1426"}

to config/application.rb.

error raised from
https://github.com/sferik/rails_admin/blob/v1.4.2/lib/rails_admin/engine.rb#L46

Not sure if this is this gem's issue or rails_admin's issue

Incompatible with Redis 4.2.0 gem when expire_after is nil — "unknown keywords"

Error

unknown keywords: path, domain, expire_after, secure, httponly, defer, renew, redis_server, servers, id

Reproduction steps

rails new demo --skip-action-mailer --skip-action-mailbox --skip-action-text --skip-active-record --skip-active-storage --skip-puma --skip-action-cable --skip-sprockets --skip-spring --skip-listen --skip-javascript --skip-turbolinks --skip-test --skip-system-test --skip-bootsnap

cd demo

Gemfile

source 'https://rubygems.org'
git_source(:github) { |repo| "https://github.com/#{repo}.git" }

ruby '2.6.6'

gem 'rails', '~> 6.0.3', '>= 6.0.3.1'
gem "redis-actionpack", "~> 5.2"

Gemfile.lock

GEM
  remote: https://rubygems.org/
  specs:
    actioncable (6.0.3.1)
      actionpack (= 6.0.3.1)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
    actionmailbox (6.0.3.1)
      actionpack (= 6.0.3.1)
      activejob (= 6.0.3.1)
      activerecord (= 6.0.3.1)
      activestorage (= 6.0.3.1)
      activesupport (= 6.0.3.1)
      mail (>= 2.7.1)
    actionmailer (6.0.3.1)
      actionpack (= 6.0.3.1)
      actionview (= 6.0.3.1)
      activejob (= 6.0.3.1)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 2.0)
    actionpack (6.0.3.1)
      actionview (= 6.0.3.1)
      activesupport (= 6.0.3.1)
      rack (~> 2.0, >= 2.0.8)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
    actiontext (6.0.3.1)
      actionpack (= 6.0.3.1)
      activerecord (= 6.0.3.1)
      activestorage (= 6.0.3.1)
      activesupport (= 6.0.3.1)
      nokogiri (>= 1.8.5)
    actionview (6.0.3.1)
      activesupport (= 6.0.3.1)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.1, >= 1.2.0)
    activejob (6.0.3.1)
      activesupport (= 6.0.3.1)
      globalid (>= 0.3.6)
    activemodel (6.0.3.1)
      activesupport (= 6.0.3.1)
    activerecord (6.0.3.1)
      activemodel (= 6.0.3.1)
      activesupport (= 6.0.3.1)
    activestorage (6.0.3.1)
      actionpack (= 6.0.3.1)
      activejob (= 6.0.3.1)
      activerecord (= 6.0.3.1)
      marcel (~> 0.3.1)
    activesupport (6.0.3.1)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 0.7, < 2)
      minitest (~> 5.1)
      tzinfo (~> 1.1)
      zeitwerk (~> 2.2, >= 2.2.2)
    builder (3.2.4)
    concurrent-ruby (1.1.6)
    crass (1.0.6)
    erubi (1.9.0)
    globalid (0.4.2)
      activesupport (>= 4.2.0)
    i18n (1.8.3)
      concurrent-ruby (~> 1.0)
    loofah (2.5.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.1)
      mini_mime (>= 0.1.1)
    marcel (0.3.3)
      mimemagic (~> 0.3.2)
    method_source (1.0.0)
    mimemagic (0.3.5)
    mini_mime (1.0.2)
    mini_portile2 (2.4.0)
    minitest (5.14.1)
    nio4r (2.5.2)
    nokogiri (1.10.9)
      mini_portile2 (~> 2.4.0)
    rack (2.2.2)
    rack-test (1.1.0)
      rack (>= 1.0, < 3)
    rails (6.0.3.1)
      actioncable (= 6.0.3.1)
      actionmailbox (= 6.0.3.1)
      actionmailer (= 6.0.3.1)
      actionpack (= 6.0.3.1)
      actiontext (= 6.0.3.1)
      actionview (= 6.0.3.1)
      activejob (= 6.0.3.1)
      activemodel (= 6.0.3.1)
      activerecord (= 6.0.3.1)
      activestorage (= 6.0.3.1)
      activesupport (= 6.0.3.1)
      bundler (>= 1.3.0)
      railties (= 6.0.3.1)
      sprockets-rails (>= 2.0.0)
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
    rails-html-sanitizer (1.3.0)
      loofah (~> 2.3)
    railties (6.0.3.1)
      actionpack (= 6.0.3.1)
      activesupport (= 6.0.3.1)
      method_source
      rake (>= 0.8.7)
      thor (>= 0.20.3, < 2.0)
    rake (13.0.1)
    redis (4.2.0)
    redis-actionpack (5.2.0)
      actionpack (>= 5, < 7)
      redis-rack (>= 2.1.0, < 3)
      redis-store (>= 1.1.0, < 2)
    redis-rack (2.1.2)
      rack (>= 2.0.8, < 3)
      redis-store (>= 1.2, < 2)
    redis-store (1.8.2)
      redis (>= 4, < 5)
    sprockets (4.0.2)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
    sprockets-rails (3.2.1)
      actionpack (>= 4.0)
      activesupport (>= 4.0)
      sprockets (>= 3.0.0)
    thor (1.0.1)
    thread_safe (0.3.6)
    tzinfo (1.2.7)
      thread_safe (~> 0.1)
    websocket-driver (0.7.2)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    zeitwerk (2.3.0)

PLATFORMS
  ruby

DEPENDENCIES
  rails (~> 6.0.3, >= 6.0.3.1)
  redis-actionpack (~> 5.2)

RUBY VERSION
   ruby 2.6.6p146

BUNDLED WITH
   1.17.3

config/initializers/session_store.rb

Rails.application.configure do
  url = ENV.fetch('REDIS_DB_URL') { raise "REDIS_DB_URL must be set" }

  # broken
  expires = nil

  # works
  # expires = 1.minute

  config.session_store :redis_store, servers: [url], expire_after: expires
end

config/routes.rb

Rails.application.routes.draw do
  resources :examples
end

app/controllers/examples_controller.rb

class ExamplesController < ApplicationController
  def index
    Rails.logger.debug(session[:key])
    session[:key] = 42
    render plain: session[:key]
  end
end

Start the server

REDIS_DB_URL=dummy rails s

Navigate to /examples

Recursive Documentation for Rails

The documentation here states

For information on how to use this library in a Rails app, see the documentation for redis-rails.

However, the documentation on redis-rails says

We are still actively maintaining all other gems in the redis-store family, such as redis-actionpack for session management

Which doesn't really clean up anything. Would it be possible to clarify these instructions?

Support namespace option

It takes me hours to figure out how to use namespace when using this session store

# I set this myself
Rails.configuration.redis_url #=>"redis://127.0.0.1:6379/0"

namespace = "#{Rails.application.class.parent_name.underscore}:#{Rails.env.to_s.underscore}:sessions"
url = "#{Rails.configuration.redis_url}/#{namespace}"

Rails.application.config.session_store :redis_store, {
  redis_server: url,
  key: "_#{Rails.application.class.parent_name.underscore}_#{Rails.env.to_s.underscore}_sessions_",
}

Not sure if this issue belongs here or redis-rack

ActionController::InvalidAuthenticityToken in Rails 7

When adding redis-actionpack directly from master to test Rails 7 compatibility I'm running into a CSRF Token error.

It's hard for me to debug this deeper, but from what I've found it seems that either redis-actionpack or redis-rack are interfering with the way actionpack validates the CSRF Tokens.

I created this example app which consists of a rails new (first commit) and then a second commit that adds a basic form (all on the main branch).

This PR (on that ^ same repo) adds the config.session_store :redis_store configuration. When adding this is when the error is reproduced. Maybe I'm missing something? Any ideas/suggestions would be greatly appreciated.

I don't think it should make any difference, but I'm running macOS on an M1 machine.

5.0.0 relies on prereleases

Thanks for releasing 5.0.0 :) I think there was an oversight since the gem spec still relies on prerelease versions of redis-store and redis-rack, though.

Add License information to Gemspec

This will make it show up on rubygems.org. I'm doing due diligence on our gems and need to find out the licenses for all the gems. Having it show up on rubygems.org cuts out the step of having to go to the github repo.

Passing ssl_params in session_store not working

I have an app in Heroku, I'm trying to do the code below, but seems ssl_params not passing... because I still get the OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 peeraddr=52.214.49.109:23399 state=error: certificate verify failed (self-signed certificate in certificate chain))

Rails.application.config.session_store :redis_store,
                                       url: session_url,
                                       expire_after: 1.day,
                                       key: '_dokspot_session',
                                       domain: domain,
                                       tld_length: tld_length,
                                       secure: secure,
                                       ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE }

Any advice?

PS: If I use the cookie_store (default for session_store) it works without a problem so the problem is using Redis with session_store.
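The "self-signed certificate in certificate chain" error above means the presented chain ends in a CA the client does not trust. The added example below (not from the issue or the gem) builds a constructed CA and server certificate offline and shows verification passing once that CA is trusted, with verification left on; make_cert, chain_ok? and build_demo_pki are hypothetical helper names.

```ruby
require "openssl"

# Builds a certificate for the demo; self-signed when no issuer is given.
def make_cert(subject, key, serial, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed PKI: a private CA, a server certificate it issued, and an unrelated CA.
def build_demo_pki
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("/CN=Constructed Redis CA", ca_key, 1, ca: true)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  leaf = make_cert("/CN=redis.example.test", leaf_key, 2, issuer_cert: ca, issuer_key: ca_key)
  other = make_cert("/CN=Unrelated CA", OpenSSL::PKey::RSA.new(2048), 3, ca: true)
  { ca: ca, leaf: leaf, other_ca: other }
end

# presented_chain is what the server sends; trusted_cas is what the client trusts.
def chain_ok?(leaf, presented_chain, trusted_cas)
  store = OpenSSL::X509::Store.new
  trusted_cas.each { |cert| store.add_cert(cert) }
  store.verify(leaf, presented_chain)
end

# With redis-rb, the client-side equivalent of trusting the CA is, for example:
#   ssl_params: { ca_file: "/path/to/ca.crt" }   # placeholder path
# which keeps peer verification enabled instead of VERIFY_NONE.
```

Whether the session store forwards ssl_params to the Redis client is the open question of this report; the example only covers what the client needs to trust once the option does reach it.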

Rails5

redis-actionpack (>= 0) ruby depends on
      actionpack (~> 4) ruby

can the dependency be updated? Thanks

Fix deprecation warnings after Rails 5 upgrade

The following two issues need to be resolved in our test framework before Rails 5.1

  • DEPRECATION WARNING: Using a dynamic :action segment in a route is deprecated and will be removed in Rails 5.1. (called from block (2 levels) in with_test_route_set at /.../redis-actionpack/test/integration/redis_store_integration_test.rb:214)
  • DEPRECATION WARNING: render :text is deprecated because it does not actually render a text/plain response. Switch to render plain: 'plain text' to render as text/plain, render html: '<strong>HTML</strong>' to render as text/html, or render body: 'raw' to match the deprecated behavior and render with the default Content-Type, which is text/plain. (called from get_session_value at /.../redis-actionpack/test/dummy/app/controllers/test_controller.rb:22)
